Payment Processor Risk: Do You Know It When You See It? Red Flags for the Unwary

Recent litigation and enforcement activities of the Consumer Financial Protection Bureau ("CFPB" or the "Bureau") spotlight the heightened regulatory focus on payment intermediaries, i.e. processors, and their role as "gatekeepers."

In the CFPB's words, expressed in the Bureau's recently filed complaint against payment processor Intercept Corporation and its principals ("Intercept"), payment processors provide "access to the banking system" and the means for businesses—including potentially unscrupulous ones—to extract money from consumers' bank accounts.1 In opposition to Intercept's efforts to dismiss the CFPB's action, the Bureau reemphasized the unique position of payment processors and their attendant responsibilities, noting that, "[a]s gatekeepers to a system in which so much money changes hands, third-party payment processors as well as the banks they work with have responsibilities to monitor their transactions for suspicious activity and not enable fraud on the ACH network."2

Beyond the Intercept matter, the CFPB's lawsuits in recent years against telecommunications giants Sprint and Verizon showcase the need for payment intermediaries, including entities whose payment processing activities are incidental to their core business, to remain vigilant in the face of increased regulatory scrutiny. Collectively, these matters, along with the CFPB's recent settlements involving payment processors, highlight the importance of maintaining adequate compliance and monitoring systems. Discussed below are further details regarding the CFPB's litigation and enforcement activities against payment processors, compliance issues showcased by such matters, and pro-active risk mitigation strategies that payment processors should consider in light of recent CFPB scrutiny.